At a glance:
| IR Number | FG-IR-19-184 |
| Date | Nov 25, 2019 |
| Risk |
|
| Impact | Execute Unauthorized Code or Commands |
| CVE ID | CVE-2019-6697 |
| Affected Products |
FortiOS: 6.2.1, 6.2.0
|
| CVRF | Download |
Refine Search
XSS vulnerability in FortiGate DHCP monitor page
XSS vulnerability in FortiGate DHCP monitor page
Summary
An Improper Neutralization of Input vulnerability in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack (XSS) by sending a crafted DHCP packet.
Affected Products
FortiGate version 6.2.1 and below.
FortiGate version 6.0.6 and below.
Solutions
Please upgrade to FortiGate version 6.2.2 and above.
Please upgrade to FortiGate version 6.0.7 and above.